ch0ic3/android-security-awesome
1
0
Fork 0
mirror of https://github.com/ashishb/android-security-awesome.git synced 2024-12-18 19:46:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Updated the link, added new links, corrected a typo

Browse Source 
1. Updated link to the AndroGuard project
2. Added link to the StaDynA open-source tool
3. Added section APP REPACKAGING DETECTORS
4. Added link to the FSquaDRA tool
5. Added link to the samples provided by Drebin project
6. Added section BOOKS
7. Added link to the download page of the book Android Security (and Not) Internals
8. Added paired square bracket
This commit is contained in:
Yury Zhauniarovich 2015-02-10 16:49:37 +01:00
parent 7a32dce8c3
commit 36d1a1fadb
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@ -60,6 +60,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic
16. [Aurasium](http://www.aurasium.com/) rewrites the android app to add security policy, seems dead now 16. [Aurasium](http://www.aurasium.com/) rewrites the android app to add security policy, seems dead now
17. [Android Linux Kernel modules](https://github.com/strazzere/android-lkms) 17. [Android Linux Kernel modules](https://github.com/strazzere/android-lkms)
18. [Appie](http://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines. 18. [Appie](http://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines.
19. [StaDynA](https://github.com/zyrikby/StaDynA) - a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information.
## REVERSE ENGINEERING ## REVERSE ENGINEERING
@ -67,7 +68,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic
3. [emacs syntax coloring for smali files](https://github.com/strazzere/Emacs-Smali) 3. [emacs syntax coloring for smali files](https://github.com/strazzere/Emacs-Smali)
4. [vim syntax coloring for smali files](http://codetastrophe.com/smali.vim) 4. [vim syntax coloring for smali files](http://codetastrophe.com/smali.vim)
5. [AndBug](https://github.com/swdunlop/AndBug) 5. [AndBug](https://github.com/swdunlop/AndBug)
6. [Androguard](http://code.google.com/p/androguard/) powerful, integrates well with other tools 6. [Androguard](https://github.com/androguard/androguard) powerful, integrates well with other tools
7. [Apktool](http://code.google.com/p/android-apktool/) really useful for compilation/decompilation (uses smali) 7. [Apktool](http://code.google.com/p/android-apktool/) really useful for compilation/decompilation (uses smali)
8. [Android Framework for Exploitation](https://github.com/xysec/AFE) 8. [Android Framework for Exploitation](https://github.com/xysec/AFE)
9. [Bypass signature and permission checks for IPCs](https://github.com/iSECPartners/Android-KillPermAndSigChecks) 9. [Bypass signature and permission checks for IPCs](https://github.com/iSECPartners/Android-KillPermAndSigChecks)
@ -91,17 +92,26 @@ A lot of work is happening in academia and industry on tools to perform dynamic
24. [Simplify Android deobfuscator](https://github.com/CalebFenton/simplify) 24. [Simplify Android deobfuscator](https://github.com/CalebFenton/simplify)
25. [Bytecode viewer](https://github.com/Konloch/bytecode-viewer) 25. [Bytecode viewer](https://github.com/Konloch/bytecode-viewer)
##APP REPACKAGING DETECTORS
1. [FSquaDRA](https://github.com/zyrikby/FSquaDRA) - a tool for detection of repackaged Android applications based on app resources hash comparison.
## Exploitable Vulnerabilties ## Exploitable Vulnerabilties
1. [Vulnerability Google 1. [Vulnerability Google
doc](https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html) doc](https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html)
2. [Root Exploits (from Drozer issue 2. [Root Exploits (from Drozer issue
#56)(https://github.com/mwrlabs/drozer/issues/56) #56)](https://github.com/mwrlabs/drozer/issues/56)
## SAMPLE SOURCES ## SAMPLE SOURCES
1. [contagio mini dump](http://contagiominidump.blogspot.com) 1. [contagio mini dump](http://contagiominidump.blogspot.com)
2. [Open Source database](http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) 2. [Open Source database](http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares)
3. [Drebin](http://user.informatik.uni-goettingen.de/~darp/drebin/)
## BOOKS
1. [Android Security (and Not) Internals](http://www.zhauniarovich.com/pubs.html)
## MISC TOOLS/READINGS ## MISC TOOLS/READINGS